The present invention relates to electronics and communications, and, more particularly, to a method and relative system architecture for encrypting data transmitted on data networks.
The growing development of networks and broadband telecommunication services and, particularly of pay services, and the growing demand for increasingly high security standards for the privacy of the data transmitted have dictated a strong need for data encrypting systems and algorithms. Among the most important applications are the encrypting of video transmission for pay TV services, of telephone conversations through mobile radio systems, and of data transmitted on a telecommunications network (electronic signatures, telecommunications bank operations, trading, and the like).
Typically, telecommunication networks supporting these services are broadband networks whose success is due to new network technologies and, in particular, to the flexibility of communication protocols (for example X.25, IP, ATM) based on the so-called packet switching techniques. The packet switching technique is based on the segmentation of the information to be transmitted into the form of packets of digital data of adequate length depending on the needs, to which address data (header) are associated for the information to reach its destination. With these techniques of transmission, the band is occupied only in presence of data traffic to be transmitted and different communications of different types of traffic may co-exist on a unique carrier.
If on one hand the Internet Protocol (IP) is emerging as the platform network with greater growth prospects, on the other hand the advent of new systems and broadband media (optical fibers and coaxial cables) represent a concrete premise for offering to the users a wealth of new services based on the ATM technique (Asynchronous Transform Mode). In the future, the combination of service platforms, such as Internet with the ATM transport technique, may also contribute to accelerate the use of applications based on the ATM technique.
In this scenario, security is becoming a primary requirement for all operators of the sector because telecommunications services are on the increase (home banking, virtual shopping, electronic trading, etc.) and they require a high degree of privacy of information. FIG. 1 shows the functional scheme of a secure communication system which highlights the presence of encrypting (CRYPT) and decrypting (CRYPTxe2x88x921) blocks for data protection. The encrypting block CRYPT at the transmitter station encrypts the messages (clear text) commonly through a password function, so that only authorized persons can retrieve the original message. The output of the encrypting (encoding) process, called ciphered text, is decrypted (decoded) at the receiver station by way of an enciphering password.
It has been noticed that methodologies based on chaos theory may be useful in cryptation techniques. Potentially they are much more undecryptable than traditional cryptation techniques (DES, RSA, IDEA, MD5, etc.) presently used in packet switching networks.
A starting point for the creation of chaotic cryptation systems are the so-called chaotic models. These, regardless of the meaning and the problems related to their development, are recursive systems which given certain initial values, indefinitely evolve in time in a complex and unpredictable manner. The following table indicates some of the most common discrete chaotic models (also referred to as maps).
Each chaotic series is characterized by the relative key, that is by the values of the initial state x(0) and of the control parameters (parameters a and b). Generally, to encrypt the stream of digital data without increasing the amount of transmitted information, the most appropriate approach to protect the information is that of masking, as shown in the example of FIG. 2.
According to this approach, the transmitted data are masked by hiding the information signal within a more complex one, generated by a chaotic system, by simply adding the two types of data. During the reception phase, the opposite operation must be carried out, that is discriminating between the received data and the information to be locally reconstructed through a system identical to that used for the transmission.
The delicate problem of synchronization which is addressed herein, is independent of the choice of a particular chaotic map. Reliability and the very high level of security are the main advantages of chaotic cryptography. Starting from different parameters, it is impossible to obtain two identical series even if the starting parameters differ very little. This is an intrinsic characteristic of chaotic systems.
The following technical papers relate to the problem of cryptation systems for packet switching networks.
(1) B. Schneier, Applied cryptographyxe2x80x94Protocols, Algorithms and Source Code in C, John Wiley and Sons, 1994.
(2) D. R. Frey, Chaotic Digital Encoding: An Approach to Secure Communication, IEEE Trans Circuits Syst.xe2x80x94Part II, vol. 40, no. 10, pp. 660-666, 1993.
(3) M. J. Ogorzalek, Taming Chaos: Part Ixe2x80x94Synchronization, IEEE Trans Circuits Syst.xe2x80x94Part I, vol. 40, no. 10, pp. 693-6699, 1993.
(4) G. Kolumb (n, M. P. Kennedy and L. O. Chua, The Role of Synchronization in Digital Communications Using Chaosxe2x80x94Part I: Fundamentals of Digital Communications, IEEE Trans Circuits Syst.xe2x80x94Part I, vol. 44, no. 10, pp. 927-936, 1997.
(5) F. Dachselt, K. Kelber and W. Schwarz, Chaotic Coding and Cryptoanalysis, Proceedings of ISCAS ""97, pp. 1061-1064, 1997.
(6) William Stallings, xe2x80x9cIPv6: The New Internet Protocolxe2x80x9d, IEEE Communications Magazine, July 1996, pp. 96-108.
In view of the foregoing background, it is an object of the invention to provide for a cryptography system based on digital chaotic models with enhanced security based on an encrypting/decrypting symmetric system, employing a key that is dynamically updated by the chaotic system.
According to a preferred embodiment of the invention, the dynamic key continuously processed by a certain model or digital chaotic map, used for encrypting/decrypting the information symmetrically at the transmitter and at the receiver, is generated through a multilevel architecture. This provides for a scaleable degree of security, depending on the user""s needs. A higher degree of security can be obtained at the expense of an increment of the time taken for encrypting/decrypting.
The method of the invention, considers the organization of packets of crypted data with a header of data having a predefined and constant length, and with a payload of a variable length containing the crypted information.